
How to Enable Enhanced Security Features in Azure

Published on Jul 21, 2022

To enable Microsoft Defender for Cloud, you must first prepare your environment by enabling enhanced security features and provisioning agents and extensions on Azure.

What Are Enhanced Features?

Defender for Cloud generates alerts when it detects threats on your resources. It prioritizes and lists the alerts alongside the information you need to analyze the problem quickly. Defender for Cloud also provides the detailed steps you should take to remediate risks, and it retains the collected alerts for 90 days. Another enhanced feature is security incidents, which are collections of related alerts. Using cloud smart alert correlation, Defender for Cloud can list related alerts together instead of individually, correlating various alerts and low-fidelity signals into security incidents.

Defender for Cloud provides you with a single view of an attack campaign together with all the related alerts. From this view you can quickly understand the actions of an attacker and the affected resources.

Turning on Enhanced Features on Subscriptions and Workspaces Within Azure

Enabling Defender for Cloud’s enhanced security features will enable you to protect an entire Azure subscription. All the resources within the subscription will inherit all the protection. A free 30-day trial period is available, after which the respective charges will apply.

The first step in enabling all Defender for Cloud Alerts features is to enable enhanced security features on the subscription containing the applicable workloads. Doing so also enables threat protection capabilities. Enabling enhanced security at the workspace level does not enable adaptive application controls, just-in-time VM access, or network detection for Azure resources.

What’s more, the workspace level only allows the Microsoft Defender for SQL servers and Microsoft Defender for Servers plans. Take note that you can enable:

  • Microsoft Defender for Storage accounts at the resource or subscription level
  • Microsoft Defender for open-source relational databases at the resource level only
  • Microsoft Defender for SQL at the resource or subscription level

Enabling Enhanced Security Features on One Subscription

  • Go to the main menu on Defender for Cloud and select Environment settings
  • Choose the workspace or subscription you want to protect
  • Upgrade by selecting Enable all Microsoft Defender Plans
  • Lastly, click on Save

Enabling Enhanced Security in Multiple Workspaces or Subscriptions

  • Go to the menu on Defender for Cloud and select Getting started. The Upgrade tab lists all workspaces and subscriptions eligible for onboarding.
  • From the list of workspaces and subscriptions to protect with Microsoft Defender for Cloud, choose the ones to upgrade.
  • Click Upgrade to enable all security features in Microsoft Defender for Cloud.

Take care not to select workspaces and subscriptions that are not eligible for the trial, as the next step will upgrade them and initiate charges. Only the eligible subscriptions and workspaces will begin a free trial.

Disabling Enhanced Security Features

If, at any time, you need to disable enhanced security features for a workspace or subscription, the procedure is the same as above, except that this time you’ll select Enhanced security off.

  • Go to Environment settings on Defender for Cloud’s menu
  • Select the subscription whose security features you want to disable
  • Choose Defender plans and click on Enhanced security off
  • Lastly, click Save

Data collection may not cease immediately after disabling the enhanced security features on single or multiple plans.

Enabling Auto Provisioning of Log Analytics

After enabling enhanced security features, the next step is to enable the necessary extensions and agents for automatic data collection.

Why Use Auto Provisioning?

Auto-provisioning decreases management overhead by installing all the necessary extensions and agents on new and existing machines. It then ensures faster security coverage for all supported subscriptions and workspaces.

The settings on auto-provisioning feature a toggle for each supported extension. Enabling auto-provisioning of an extension allows you to assign the relevant “Deploy if not exists” policy. The policy then ensures the provisioning of an extension on all similar future and existing resources. Auto-provisioning comes disabled by default, and Microsoft recommends enabling it in the following steps:

  • Navigate to Environment Settings on Defender for Cloud’s menu
  • Choose the relevant subscription
  • Change the status of auto-provisioning for Log Analytics to On on the Auto-provisioning page.
  • Move to the configuration options pane and define the workspace. Here, the task is to connect Azure VM to Defender for Cloud’s default workspace. Defender for Cloud will also create a new resource group in the same geolocation, connecting it to the agent assigned to that workspace.

Defender for Cloud will create multiple workspaces to comply with data privacy requirements if a subscription has VMs from multiple geolocations.

Azure VM

Next, connect Azure VM to a different workspace by selecting the workspace to store collected data from the dropdown list. Then, use this option to collect data from VMs running on various subscriptions and store it in your selected workspace. Using an existing Log Analytics workspace might be a better option if you have it, although you’ll require read and write permissions on the platform. The option is ideal for centralized workspaces when you need data collection.

  • Navigate to Windows security events configuration and choose the raw event data amount to store. The four levels are None, Minimal, Common, and All events.
  • Select Apply
  • Select Save

You can go ahead and enable automatic provisioning of an extension after that of the Log Analytics agent by:

  • Toggling the status to On for the appropriate extension
  • Selecting Save

Finally, a prompt will appear asking if you want to reconfigure the monitored VM previously attached to the default workspace. If you select:

  • No: The new workspace settings will only apply to newly discovered VMs that lack the Log Analytics agent
  • Yes: The new workspace settings will apply to all VMs connected to the Defender for Cloud. Ensure you don’t delete the workspaces Defender for Cloud creates until all VMs reconnect to the new target workspace.
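
A read-only check of the two settings configured above (Defender plan tiers and Log Analytics auto-provisioning), added here as an example and not taken from the original article. It assumes the state was exported with `az security pricing list` and `az security auto-provisioning-setting list`; the JSON below is constructed sample data, and the tier value Standard means enhanced security is on while Free means it is off.

```python
import json

# Constructed sample of `az security pricing list` output for one subscription
# (assumed shape: a "value" array of plans with "name" and "pricingTier").
PRICING_JSON = """
{"value": [
  {"name": "VirtualMachines", "pricingTier": "Standard"},
  {"name": "SqlServers", "pricingTier": "Standard"},
  {"name": "StorageAccounts", "pricingTier": "Free"},
  {"name": "OpenSourceRelationalDatabases", "pricingTier": "Free"}
]}
"""

# Constructed sample of `az security auto-provisioning-setting list` output.
AUTOPROV_JSON = '[{"name": "default", "autoProvision": "Off"}]'


def _items(doc):
    """Accept either a bare list or an object wrapping the list in "value"."""
    data = json.loads(doc)
    return data["value"] if isinstance(data, dict) else data


def _is(value, expected):
    """Case-insensitive comparison that tolerates a missing field."""
    return (value or "").lower() == expected


def audit(pricing_doc, autoprov_doc):
    """Return findings for plans left on Free and auto-provisioning left Off."""
    plans = _items(pricing_doc)
    findings = [("plan-not-enabled", p["name"])
                for p in plans if not _is(p.get("pricingTier"), "standard")]
    # Data collection is the step that follows enabling a plan, so only flag
    # auto-provisioning when at least one plan is actually enabled.
    if any(_is(p.get("pricingTier"), "standard") for p in plans):
        findings += [("auto-provisioning-off", s["name"])
                     for s in _items(autoprov_doc)
                     if not _is(s.get("autoProvision"), "on")]
    return findings


if __name__ == "__main__":
    for kind, name in audit(PRICING_JSON, AUTOPROV_JSON):
        print(f"{kind}: {name}")
```
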

Enable Enhanced Security Features in Azure

Defender for Cloud Alerts is a crucial feature for your hybrid, on-premises, and Azure environments. The alerts are only available with enhanced security features enabled. You can then upgrade them from the Environment Settings page or have an expert in Microsoft handle the process for you.

Agile IT is a Microsoft Gold Security partner with 16 years of experience in the Microsoft Cloud. To learn how to defend every piece of your environment without information overload and using your existing Microsoft licensing, request a consultation today.
